Governance and risk management are attractive career avenues for thorough IT security professionals with a knack for detail and detection.
The latest findings from the Ponemon Institute show organisations investing more heavily in security forensics, detection methodologies and governance: the Cost of Cybercrime Report found that early detection can help reduce the costs of an attack by 25%.
Read the CWJobs checklist of skills and opportunities in risk, compliance and governance.
What are the opportunities?
The growing number of risk-related professional qualifications on offer is evidence of just how important risk and governance are in the current IT environment. Finance is particularly buoyant, because of the introduction of heavier regulation and the stricter internal governance of financial institutions. Prominent sectors and likely growth areas include: all asset classes, insurance companies and any trading or financial services institution.
What’s the person specification?
Governance folk have to consider all factors before reaching sound decisions. Paying great attention to detail ensures compliance is accurate, and it’s necessary to ask questions to delve deeper into issues that might need to be addressed. A diligent and inquisitive approach is a must, as is diplomacy: colleagues may resist your efforts to get through compliance, and you may need to go back to them and escalate the issue.
How do you get a foot in the door?
For those wishing to pursue a career in this field, one potential route is to seek opportunities within corporate/non-technical areas of an IT department. This should give you the opportunity to gain a broad oversight of IT within the organisation and of how it integrates with risk management and governance frameworks.
Recommended first jobs?
The best place to start is operations; seeing how things work from the ground level will enable you to get a broader picture and help you to understand the issues, policies and procedures. Your role might include, for example, making sure things are happening and being logged. From there you could move towards technical design. Anyone with an auditing background will shine in the operations arena.
The best professional qualifications are?
The CRISC (Certified in Risk and Information Systems Control) qualification from ISACA is bang-on for governance and compliance. Firms recruiting security compliance personnel favour the Information Security Management System standard ISO 27001. Candidates with the Certified Information Systems Security Professional (CISSP) certificate – the information security certification – are also popular. Other relevant accreditations include the CESG Listed Advisor Scheme (CLAS), which enables professionals to practise information assurance in the government.
What are the job prospects?
As the Ponemon Institute’s findings show, governance and compliance skills are hot as business beefs up its information security and assurance. The better paid security jobs are in compliance, simply because organisations have to have them. Once you have an understanding of the framework for compliance it can be transferable to different industries, and it’s this portability that brings exciting prospects.
Our thanks to:
Carl Shallow, Head of Compliance & QSA, SecureData
Paul Kelly, Senior Manager, Business Technology & Consultancy, with Scott-Moncrieff
Simon Taylor, Director at Venn Group